hadoop-yarn-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Aki Tanaka (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (YARN-8019) Resource manager webproxy fails to validate backend server's SSL cert
Date Sat, 10 Mar 2018 00:31:00 GMT

     [ https://issues.apache.org/jira/browse/YARN-8019?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Aki Tanaka updated YARN-8019:
-----------------------------
    Summary: Resource manager webproxy fails to validate backend server's SSL cert  (was:
Resource manager webproxy uses the client truststore specified in ssl-client.xml)

> Resource manager webproxy fails to validate backend server's SSL cert
> ---------------------------------------------------------------------
>
>                 Key: YARN-8019
>                 URL: https://issues.apache.org/jira/browse/YARN-8019
>             Project: Hadoop YARN
>          Issue Type: Bug
>          Components: yarn
>    Affects Versions: 3.0.0
>            Reporter: Aki Tanaka
>            Priority: Major
>         Attachments: YARN-8019.001.patch
>
>
> A Yarn ResourceManager's web proxy launches with Java default SSL certificate. Due to
this behavior, the web proxy failed to validate a backend server's SSL certificate when the
backend server listens with HTTPS using custom SSL certificate. 
>  
> For example, Spark launches Spark context web UI with custom SSL certificate when we
enable SSL with "spark.ssl.trustStore" and "spark.ssl.keyStore" properties. In this case,
Yarn web proxy cannot connect the Spark context web UI since the web proxy cannot verify the
SSL cert ("javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException:
PKIX path building failed" error is returned).
>  
> We should add an option to set SSL trust store to Yarn RM web proxy. Attached a patch
to Yarn web proxy, and this patch lets web proxy use an SSL custom trust-store if it is configured
in ssl-client.xml



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: yarn-issues-help@hadoop.apache.org


Mime
View raw message